Encryption Commission Legislation Introduced

Even as the Apple v. FBI encryption battle grabs headlines, a bicameral, bipartisan pair of legislators have introduced a bill -- announced last December -- that would create a National Commission on Security and Technology Challenges to hash out some of the underlying issues and recommend solutions.

The legislation creates a commission that is required to report back to Congress, but some opponents of encryption back doors fear the commission itself could be a back door to legislation weakening encryption.

The Legislative Branch commission would bring together the tech sector, law enforcement, intelligence, privacy and civil liberties groups and the national security community to examine the intersection of security and digital security and communications technology in a systematic, holistic way, and determine the implications for national security, public safety, data security, privacy, innovation, and American competitiveness in the global marketplace."

Sponsoring the bill are Senate Intelligence Committee member Sen. Mark R. Warner (D-Va.) and House Homeland Security Committee Chairman Michael McCaul (R-Tex.), with a couple dozen co-sponsors across both the House and Senate.

Currently Apple is fighting a court order to unencrypt the data on a single phone, but argues the implications go further to the issue of privacy vs. security.

The bill would require the commission to produce a report on the benefits of encryption in protecting privacy and civil liberties and the costs of weakening encryption versus the impact on criminal investigations and counterterrorism.

It is also expected to make policy and legislative suggestions if necessary.

The commission shall consist of 16 members, eight chosen by the Speaker of the House and Senate Majority Leader and eight by the House and Senate minority leaders. In addition, the President would get to choose a ninth member, serving ex officio (and non-voting).

The commission members would be chosen within 30 days of the passage of the act, must meet within 60 days. An interim report must be submitted within six months of that first meeting, and a final report within 12 months of that first meeting.

“As someone who spent nearly two decades in the tech industry, I recognize that there are no easy or simple solutions to the challenges posed by the growing use of secure technologies," said Warner. "The same tools that allow terrorists and criminals to evade detection by American intelligence and law enforcement are also used each day by Americans who rely upon secure technologies to safely shop online, communicate with friends and family, and run their businesses.”

The Center for Democracy and Technology is okay with a commission, but not with any compromise on the issue of creating technology or software back doors for law enforcement.

"The charge and composition of the proposed commission are positive signs that the bill's authors are truly looking for solutions that protect strong cryptography and digital security," said Joseph Lorenzo Hall, CDT's chief technologist. "In a world of increasingly complex technologies, we are concerned that the commission may focus on shortsighted solutions involving mandated or compelled backdoors. Make no mistake, there can be no compromise on backdoors. Strong encryption makes anyone who has a cell phone or who uses the Internet far more secure."

TechNet stopped short of endorsing the legislation, but liked what it saw. "“It is important to have an expert discussion that considers the legitimate rights and needs of consumers, businesses, governments, and the American economy," said TechNet President Linda Moore. "The proposed commission could provide a valuable framework to help resolve these important issues.”

But New America's Open Technology Institute said it can't support the effort.

“Although we very much appreciate the bill sponsors’ intent—to prevent knee-jerk legislation that may undermine our digital security, by instead proposing this new commission—we fear that it may ultimately result in just that," said OTI director Kevin Bankston. "The bill’s lead sponsor has made clear that he wants this commission to 'set the table' for Congressional action to resolve the encryption controversy, and the bill reflects that goal. Based on how the bill currently defines the commission’s mission, the commissioners would necessarily have to consider and ultimately may even recommend legal mandates to force technology companies to redesign or weaken their products’ security features. But such a surveillance backdoor mandate may just be the appetizer. The bill goes so far as to task the commission with considering changes to the full range of laws governing wiretaps and warrants for digital data, which means the commission may ultimately offer Congress a huge menu of changes to a wide range of surveillance and privacy law."